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REMARKS 

Claims 1 1-34 are pending. Applicants respectfully request reconsideration of this 
application, as amended. 

The independent claims have been amended to recite that the role overlays one or 
more privileges and is capable of being assigned to a plurality of requestors. Furthermore, 
the Abstract and Claims 27 and 28 have been amended in accordance with the Examiner's 
recommendations. A majority of the remaining claims have also been amended to eliminate 
artifacts of European patent practice. 

As discussed in the background of the present application, when an application 
launched by a given administrator wants to access a resource, the system consults a list that is 
attached to said resource and verifies whether the administrator has the right to access it. A 
system of this type is based on the identity of the administrator, and the more the number of 
administrators increases, the more complex the system becomes, and the slower and more 
expensive the operation. Furthermore, the system needs to access the interrogated resource 
even if the calling administrator does not have the appropriate rights required to do so. 

In contrast, and as clearly recited in independent Claim 1 1, the role restricts resource 
accessibility and the role overlays one or more privileges and is capable of being assigned to 
a plurality of requestors. Furthermore, as recited in Claim 1 1, a part of a set of resources is 
defined that is accessible by a given role by a validity domain and the validity domain of the 
given role utilized to restrict the resources accessible for the given role to only part of the 
resources. 

As is readily apparent in Brown, access rights of users of a computer network with 
respect to data entities are specified by a relational database stored on one or more security 
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servers. Application servers on the network that provide user access to the data entities 



users. Thus, as discussed in Applicant's background of the invention, Brown would suffer 
the same drawbacks in that access rights are user-centric. 

As is readily apparent, Brown does not teach or suggest at least the role-based 
features recited in the independent claims. The remaining claims are also distinguishable 
over Brown for at least the features outlined above and the additional features recited therein. 
Accordingly, an early Notice of Allowance is respectfully requested. 

The Commissioner is hereby authorized to charge to Deposit Account No. 50-1 165 
any fees under 37 C.F.R. §§ 1.16 and 1.17 that may be required by this paper and to credit 
any overpayment to that Account. If any extension of time is required in connection with the 
filing of this paper and has not been requested separately, such extension is hereby requested. 



generate queries to the relational database in order to obtain access rights lists of specific 
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